CVE-2024-9666 in Keycloakinformação

Sumário

de MITRE • 25/11/2024

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservar

08/10/2024

Divulgação

25/11/2024

Moderação

aceite

Entrada

VDB-285721

CPE

pronto

EPSS

0.00399

KEV

não

Atividades

muito baixo

Fontes

Do you need the next level of professionalism?

Upgrade your account now!